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Key Characteristics 


Standard: RFC 3022 

Short term solution to overcome the address requirement to connect with internet 

Enables an organization to use Private Addressing Scheme (defined in RFC 1918) and still connect to the internet 


Private Address Space 


Private IP addressing is defined in RFC 1918 according which the following IP address blocks can be used within an 
organization for private use: 

1 . 10 . 0 . 0 . 0/8 

2. 172.16.0.0/12 

3. 192.168.0.0/16 


NAT Address Types 


Inside Local Address: the IP Address assigned to the host on the inside network. This address is usually from the RFC 
1918 Private address space. 

Inside Global Address: It is the IP address of an inside host (or a group of hosts) as it appears to the outside network. 
It is usually an address that is globally routable. 

Outside Local Address: the IP address assigned to an outside host as it appears to the inside network. The address is 
allocated from an address space routable on inside network 

Outside Global Address: the IP address of an outside host assigned by the owner/administrator of the host. 
Allocated from a globally routable address space 


Types of NAT 


There are 3 types: 

1. Static NAT 

• A single local IP address is mapped to single global IP address. Also called one-to-one NAT 

2. Dynamic NAT 

• A pool of global addresses is used to translate local IP addresses. Each inside host is assigned a global address for the 
duration of the session. If the session is timed-out, the specific IP address is available to use for other inside hosts 

3. Port Address Translation 


• Also called overloading NAT. If a large number of host need to access the internet, then static and dynamic NAT are 
not feasible solutions as a large number of public IP addresses will be required. PAT actually translates multiple local 
addresses to a single global address using different ports. 



Router Rl: 

interface fastethernetO/1 

ip address 192.168.1.1 255.255.255.0 

ip nat inside 


interface fastethernet0/0 
ip address 10.1.1.1 255.255.255.0 
ip nat outside 


ip nat inside source static 192.168.1.10 172.16.1.1 
Rl#sh ip nat translation 

Pro Inside global Inside local Outside local Outside global 
— 172.16.1.1 192.168.1.10 
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Configuration Example: Dynamic NAT 


Router Rl: 

interface fastethernetO/1 

ip address 192.168.1.1 255.255.255.0 

ip nat inside 

! 

interface fastethernetO/O 
ip address 10.1.1.1 255.255.255.0 
ip nat outside 

! 

ip access-list standard INSIDE-HOSTS 
permit 192.168.1.0 0.0.0.255 

! 

ip nat pool NAT-POOL 155.1.1.1 155.1.1.254 netmask 255.255.255.0 
! 

ip nat inside source list INSIDE-HOSTS pool NAT-POOL 


Outside local Outside global 


Rl#sh ip nat translation 

Pro Inside global Inside local 

155.1.1.1 192.168.1.1 

155.1.1.2 192.168.1.2 

155.1.1.3 192.168.1.3 


Configuration Example: Port Address Translation 


Router Rl: 

interface fastethernetO/1 

ip address 192.168.1.1 255.255.255.0 

ip nat inside 

! 

interface fastethernet0/0 
ip address 10.1.1.1 255.255.255.0 
ip nat outside 

! 

ip access-list standard INSIDE-HOSTS 
permit 192.168.1.0 0.0.0.255 

! 

ip nat inside source list INSIDE-HOSTS interface fastethernet0/0 overload 


R2#sh ip nat translation 
Pro Inside global 

Icmp 10.1.1.1:5 

icmp 10.1.1.1:6 

tcp 10.1.1.1:41683 

tcp 10.1.1.1:51780 


Inside local 

192.168.1.1 

192.168.1.2 
192.168.1.3:41683 
192.168.1.3:51780 


Troubleshooting Command 


1. show ip nat translation 

2. show ip nat translation verbose 

3. debug ip nat [detailed] 


Outside local 

10.1.1.3:5 

10.1.1.4:6 

10.1.1.3:23 

10.3.1.4:80 


Outside global 

10.3.3.3:5 

10.3.3.4:6 

10.3.3.3:23 

10.3.3.4:80 













